Abstract
With simple connectivity and fast-growing demand for smart devices and networks, IoT has become more prone to cyber attacks. Intrusion detection systems (IDS) play a crucial role in detecting and preventing cyber attacks in IoT networks. However, most existing IDSs suffer from the curse of dimensionality, which reduces overall IoT system efficiency. Hence, it is important to remove repetitive and irrelevant features when designing an effective IDS. Motivated by these challenges, this paper presents an intelligent cyber attack detection system for IoT networks using a novel hybrid feature reduced approach. The technique first performs feature ranking using correlation coefficient, random forest mean decrease accuracy and gain ratio to obtain three different feature sets. The features are then combined using a suitably designed mechanism (AND operation) to obtain a single optimized feature set. Finally, the reduced feature set is fed to three well-known machine learning algorithms, random forest, K-nearest neighbor and XGBoost, for detection of cyber attacks. The efficiency of the proposed cyber attack detection framework is evaluated using NSL-KDD and two recent IoT-based datasets, namely BoT-IoT and DS2OS. Performance of the proposed framework is evaluated and compared with some recent state-of-the-art techniques found in the literature, in terms of accuracy, detection rate (DR), precision and F1 score. Performance analysis using these three datasets shows that the proposed model achieves DR up to 90%–100% for most of the attack vectors that closely resemble normal behavior, and accuracy above 99%.
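The ranking-and-AND step described in the abstract, as an added example that is not the authors' code: three rankers score every feature, each keeps the features above a cut-off, and the final set is the intersection. The feature names, the constructed sample flows, the cut-off values, the equal-width binning and the nearest-centroid model used in place of a random forest for the mean-decrease-accuracy ranker are all assumptions of this illustration.

```python
import math, random
from collections import Counter
NAMES = ["pkt_rate", "conn_count", "payload_skew", "jitter"]  # hypothetical features

def make_sample(n=200, seed=1):
    """Constructed flows: label 1 = attack. Not taken from NSL-KDD, BoT-IoT or DS2OS."""
    rng, X, y = random.Random(seed), [], []
    for i in range(n):
        atk = i % 2
        X.append([10 * atk + rng.random(),                         # linear in label
                  10 * atk + rng.random(),                         # linear in label
                  atk * (5 if i % 4 == 1 else -5) + rng.random(),  # symmetric around normal
                  rng.random()])                                   # pure noise
        y.append(atk)
    return X, y

def corr(x, y):  # |Pearson correlation| between one feature column and the label
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var = sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)
    return abs(cov) / math.sqrt(var) if var else 0.0

def entropy(vals):
    return -sum(c / len(vals) * math.log2(c / len(vals)) for c in Counter(vals).values())

def gain_ratio(x, y, bins=3):  # information gain / split information, equal-width bins
    lo, width = min(x), (max(x) - min(x)) / bins or 1.0
    b = [min(int((v - lo) / width), bins - 1) for v in x]
    cond = sum(b.count(k) / len(y) * entropy([l for v, l in zip(b, y) if v == k])
               for k in set(b))
    return (entropy(y) - cond) / entropy(b) if entropy(b) else 0.0

def mda(X, y, j, rng):
    """Accuracy lost when column j is shuffled; nearest-centroid stands in for the forest."""
    cents = {c: [sum(col) / len(col) for col in zip(*[r for r, l in zip(X, y) if l == c])]
             for c in set(y)}
    def acc(rows):
        return sum(min(cents, key=lambda c: math.dist(r, cents[c])) == l
                   for r, l in zip(rows, y)) / len(y)
    col = [r[j] for r in X]
    rng.shuffle(col)
    return acc(X) - acc([r[:j] + [v] + r[j + 1:] for r, v in zip(X, col)])

def hybrid_select(X, y, names, cut=(0.5, 0.5, 0.05), seed=7):
    # Returns the three per-ranker feature sets and their AND (intersection).
    rng, cols = random.Random(seed), list(zip(*X))
    picks = [{n for n, c in zip(names, cols) if corr(c, y) > cut[0]},
             {n for n, c in zip(names, cols) if gain_ratio(c, y) > cut[1]},
             {n for j, n in enumerate(names) if mda(X, y, j, rng) > cut[2]}]
    return picks, set.intersection(*picks)
```

On the constructed data, `payload_skew` passes only the gain-ratio ranker, so the AND drops it together with `jitter`; a feature survives only when all three rankers agree on it.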
Cite this article
Kumar, P., Gupta, G.P. & Tripathi, R. Toward Design of an Intelligent Cyber Attack Detection System using Hybrid Feature Reduced Approach for IoT Networks. Arab J Sci Eng 46, 3749–3778 (2021). https://doi.org/10.1007/s13369-020-05181-3